stent - Negative prices will cause old orders to be canceled (same as previous audit)

[sherlock-admin]

stent

medium

Negative prices will cause old orders to be canceled (same as previous audit)

Summary

This was an issue from the previous Sherlock audit: sherlock-audit/2023-02-gmx-judging#177

In the above issue it was stated "Although unlikely the possibility of this must be addressed instead of canceling it" which is not case in the new code. A new error was added and thrown correctly as suggested, but not caught in the _handleOrderError function and so the order is still cancelled.

Vulnerability Detail

Same as previous audit.

Impact

Same as previous audit.

Code Snippet

Negative price causes custom error revert:

// File: gmx-synthetics/contracts/oracle/Oracle.sol : Oracle._setPricesFromPriceFeeds()   #1

        if (_price <= 0) {
            revert Errors.InvalidFeedPrice(token, _price);
        }

https://github.com/gmx-io/gmx-synthetics/blob/a2e331f6d0a3b59aaac5ead975b206840369a723/contracts/oracle/Oracle.sol#L604

Tool used

Manual Review

Recommendation

Add new error to the list of oracle errors in _handleOrderError that result in the tx being reverted with ErrorUtils.revertWithCustomError